Symantec, the maker of Norton Antivirus has confirmed that an Indian Hacking group calling themselves Lords of Dharmaraja, has threatened to disclose the source code to the product on the internet.So far there have been 2 incidents related to Symantec‘s code.

First: A document claiming to be confidential information related to Norton’s Source Code to their product Norton Antivirus.  This was posted on Pastebin.  It was dated from April 1999 and was related to an application programming interface used by the product.

Second: The group shared source code related to what appears to be from the 2006 version of Symantec‘s Norton Antivirus with journalists from Infosec Island.  One of the group that appears to be acting as the spokes person “Yama Tough” published this message on Google+.   “@Symantecjobfeed you guys r in trouble pastbin.com/ciExRzr3 Symantec source code owneed like shit”

The content that was released on PastBin has been removed and Yama Tough’s post has been removed from Google+.

Cris Paden, Sr. Manager for Corporate Communications at Symantec emailed Infosec Island editors with the following statement concerning the exposure of source code for the company’s Norton antivirus product:

Symantec can confirm that a segment of its source code has been accessed.  Symantec’s own network was not breached, but rather that of a third party entity.”“We are still gathering information on the details and are not in a position to provide specifics on the third party involved.””Presently, we have no indication that the code disclosure impacts the functionality or security of Symantec’s solutions.  Furthermore, there are no indications that customer information has been impacted or exposed at this time.”“However, Symantec is working to develop remediation process to ensure long-term protection for our customers’ information.  We will communicate that process once the steps have been finalized.”

“Given the early stages of the investigation, we have no further details to disclose at this time but will provide updates as we confirm additional facts.”

Update 01.08.2012 – Symantec claims the product’s source code is from 1 discontinued item and one that is outdated. It poses NO threat to existing products.  However they do admit this is a wake up call to Symantec about how their code is handled.

Source: Sophos, Infosec Island, DarkReading